Data protection and privacy settings in Gong

Who can use this: Tech admin

Available on: Any Gong plan

Data protection and privacy in Gong defines how customer conversation data is captured, stored, shared, retained, redacted, and deleted. These settings help organizations meet requirements for capturing sales conversations and emails that are relevant to the business.

The Data protection & privacy settings are applied at the company level and affect how Gong handles calls, emails, transcripts, and related metadata.

What these settings apply to

The settings in this area control how Gong handles the following types of data:

• Call recordings and their transcripts

• Emails captured and imported into Gong

• Web conference meetings recorded by Gong

• Derived data used for analysis, such as speaker attribution and interaction statistics

Activities not imported by default

To keep Gong focused on deal-related activity and reduce content not related to the business from being imported to Gong, Gong automatically excludes certain calls and emails from being imported.

In addition, exclusion lists and rules can be configured to prevent personal, internal, or system-generated activity from being imported to Gong.

Emails excluded by default

Gong imports emails only when the sender or at least one recipient is a CRM contact or lead.

Gong avoids importing:

• Private emails, including emails team members send to themselves

• Internal emails, such as those sent from HR or internal teams

• Spam or system-generated emails

• Emails from public email domains that are unlikely to be business-related (configurable)

In addition, Gong automatically excludes:

• Bounced email notifications

• Emails marked by a team member as not to import into Gong

• Emails sent from domains defined as internal

• Emails from domains excluded from being imported into Gong

For Outlook, Gong also excludes:

• Emails tagged as Personal or Private

• Only emails with a sensitivity level of Normal are imported from Outlook.

Built-in global exclusion lists

Gong maintains built-in lists that are used to exclude importing emails and calls that you don’t want in Gong.

These lists include:

• Domains: Emails sent from these domains are not imported

• Email prefixes: Emails with certain prefixes before the @ symbol are not imported

• Words in the subject: Emails containing certain words in the subject are not imported

These lists are managed by Gong and cannot be edited at the company level. You can choose whether to exclude emails based on these lists. Contact Gong support if changes to these built-in exclusions are required.

Company-specific exclusion lists

You can configure lists which exclude calls and emails from being captured. The lists are:

• Domains

• Email addresses

• Email prefixes

• Words or phrases in meeting titles

• Words or phrases in email subjects

Exclude lists are evaluated before a call is recorded or an email is imported.

Internal domains

If you maintain more than one domain in your company, listing those domains helps Gong determine whether a call or email is internal or not.

The following applies to internal domains:

• Call recording: A call is internal if all participants’ email is from a company domain. Internal calls are only recorded if you set them to be recorded in the Recording settings page.

• Emails: Emails are only imported if there is a participant who is also in your CRM.

• CRM: People who have an email with the company’s internal domain won’t be synced with the CRM and won’t appear in Gong as leads or contacts.

Sharing and visibility settings

Including a link to a call in a follow-up email helps prospects revisit the conversation and share it internally. When calls are shared more broadly, this can signal continued engagement in the deal. You can see how many times a call was shared in the Feature utilization report. At the same time, you may want to control who can access shared calls and how long they remain available.

Call sharing settings includes:

• Period of time the call is available for

• Restrictions on who the call can be shared with

• Settings for sharing folders internally

Protecting sensitive information

Gong provides tools to protect sensitive information in captured calls.

These include:

• Numeric redaction, which removes sequences of digits from calls and transcripts

• PHI redaction, which removes personal identifiers from calls and transcripts

Redaction applies to new calls only and permanently removes the redacted content.

Data encryption, deletion, and retention

Data protection and privacy settings also define how data is stored and how long it remains available.

These controls include:

• Encrypting Gong data using customer-managed encryption keys

• Deleting personal data associated with external individuals

• Defining how long calls, emails, and transcripts are retained

Once data is deleted due to deletion requests or retention limits, it cannot be restored.

Other resources

• Gong Trust Center

• Our terms and conditions

• Our privacy policy

• Our data processing addendum (DPA)

Have a question? See FAQs for data protection & privacy and Security, Privacy and Compliance FAQs.